{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-07-15T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1022569", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1022569"}, {"name": "unified-ccx-interface-xss(51730)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51730"}, {"name": "35861", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35861"}, {"name": "55937", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/55937"}, {"name": "ADV-2009-1913", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1913"}, {"name": "35705", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35705"}, {"name": "20090715 Vulnerabilities in Unified Contact Center Express Administration Pages", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ae04b2.shtml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2009-2048", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1022569", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1022569"}, {"name": "unified-ccx-interface-xss(51730)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51730"}, {"name": "35861", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35861"}, {"name": "55937", "refsource": "OSVDB", "url": "http://osvdb.org/55937"}, {"name": "ADV-2009-1913", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1913"}, {"name": "35705", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35705"}, {"name": "20090715 Vulnerabilities in Unified Contact Center Express Administration Pages", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ae04b2.shtml"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:36:20.948Z"}, "title": "CVE Program Container", "references": [{"name": "1022569", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1022569"}, {"name": "unified-ccx-interface-xss(51730)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51730"}, {"name": "35861", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35861"}, {"name": "55937", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/55937"}, {"name": "ADV-2009-1913", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1913"}, {"name": "35705", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/35705"}, {"name": "20090715 Vulnerabilities in Unified Contact Center Express Administration Pages", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ae04b2.shtml"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2009-2048", "datePublished": "2009-07-16T15:00:00", "dateReserved": "2009-06-12T00:00:00", "dateUpdated": "2024-08-07T05:36:20.948Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:crs:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "4C6F8BA2-EA5E-4E90-8390-2D29E8FAB4AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:crs:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E010B8C0-06BF-42C9-8AE6-8A0A6696EC9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:crs:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "98203DF7-2B21-4D7F-B32C-E9E6C24E1A9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:crs:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "629B1A0E-A13F-4209-B070-960392893299", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:crs:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "13E6B9D0-5F88-4F48-A313-D478FB9919FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:crs:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F979F18-29A6-433C-91A4-0042EC275CF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:crs:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F6008EC-FB15-43B3-8B09-3BFB28536EC0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:customer_response_applications:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "B5DC9FD7-0716-456C-895F-74BC7866C520", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:ip_qm:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "8BC0CC96-C3DD-4564-8323-3EAB9ACBFF45", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "AD62E8B9-9715-4217-864F-C54F1DEE835F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:4.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "32F36940-BF16-4C7C-A24C-D923AF333709", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:4.0\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "F2BE86CE-EF95-4841-B145-DFA4D0E0EF4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:4.0\\(4\\):*:*:*:*:*:*:*", "matchCriteriaId": "369C0FF7-BC46-400E-AC61-F97BAFDE14FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:4.0\\(5\\):*:*:*:*:*:*:*", "matchCriteriaId": "6883E046-DA9D-4402-A22B-31140D6C8054", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:4.0\\(5a\\):*:*:*:*:*:*:*", "matchCriteriaId": "ED3C91A3-E343-4FAC-85D7-649C7ECE6E64", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:4.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "51E21F75-530E-4399-B8EC-1E933711D6E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:4.5\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "6273D50B-8D2B-4F5A-B4F3-2CC86F5B730F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:5.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "AB3F5DF8-E9A7-4812-8677-BDCE4679ED9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:6.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "DBAF3470-5AF5-4B26-AA92-A92E908A52E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ccx:7.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "A8CDC6A2-319F-4C83-8042-BEF6C9FD1C2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ip_contact_center_express:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BA09955E-62F4-4098-8FFF-C61D33EB8AB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ip_contact_center_express:5.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "EBA8057F-7E31-4F9D-992E-621DCD7C4089", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ip_contact_center_express:6.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "1568EE5B-716D-439B-9017-8498C9353B4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ip_contact_center_express:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "BCFA9981-ED56-4D5B-AF82-1BCC551FE02A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ip_ivr:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "71082BE9-AF48-460A-9127-4D5D6DBA02F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ip_ivr:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "CDFDB400-1557-4A6D-A40F-00271A666A0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ip_ivr:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E744A286-EA75-4E20-8503-12217FE0F03E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ip_ivr:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4B5083B-0782-4668-B88A-A6DB65A4AFCA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ip_ivr:4.5:*:*:*:*:*:*:*", "matchCriteriaId": "F3782F66-76E2-4912-AA16-CB552A8C4ED5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ip_ivr:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "A26B5F10-147A-4C32-BE98-F24407E4973F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ip_ivr:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C1E4FAEE-BE07-45D8-A7F4-92668CA9BF8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ip_ivr:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "73CA4024-4F80-466A-9383-9A68E2FAC995", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ip_ivr:7.0\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "53C79246-3D29-4A8E-94DD-8771964B7E4F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados - XSS - en el interfaz de administraci\u00f3n en Cisco Customer Response Solutions (CRS) anteriores a v7.0(1) SR2 en el servidor Cisco Unified Contact Center Express (tambi\u00e9n conocido como CCX) permite a los usuarios remotos autenticado inyectar arbitrariamente una secuencia de comandos web o HTML en la base de datos CCX a trav\u00e9s de vectores no especificados."}], "id": "CVE-2009-2048", "lastModified": "2024-11-21T01:04:00.537", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-07-16T15:30:00.767", "references": [{"source": "ykramarz@cisco.com", "url": "http://osvdb.org/55937"}, {"source": "ykramarz@cisco.com", "url": "http://secunia.com/advisories/35861"}, {"source": "ykramarz@cisco.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ae04b2.shtml"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/35705"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1022569"}, {"source": "ykramarz@cisco.com", "url": "http://www.vupen.com/english/advisories/2009/1913"}, {"source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51730"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/55937"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35861"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ae04b2.shtml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35705"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1022569"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/1913"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51730"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}